In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.
Healthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.
Five years after the effective date of the General Data Protection Regulation, the European Union privacy law - hailed as a way to protect the privacy of citizens in an increasingly digital world - continues to be marred by criticism over its lack of effectiveness and uneven implementation.
Seed funding for Israeli cybersecurity startups has blossomed despite the economic downturn, and both deal volume and size have strengthened in 2022 as compared to 2021. The indefinite closing of the initial public offering market in spring 2022 caused late-stage investment to fall off a cliff.
Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.
Cyber programs must go beyond the digital realm and address physical security challenges around buildings and data centers even though there isn't a tool to implement. Firms often adopt physical security measures such as a secure data center with cameras and locked doors only when it's required.
The U.K. government earlier this month introduced a strategy to reduce fraud and scams called Fraud Strategy: Stopping Scams and Protecting the Public. Ken Palla, retired director of MUFG Bank, said this as an important step to combat authorized scams, which have now eclipsed unauthorized fraud.
Cyber insurance applicants should provide detailed responses that clarify the nature of their business to avoid claim denials in the event of a security incident. Pasich LLP Senior Managing Associate Tae Andrews urged applicants to "interrogate the interrogator" to push back on vague questions.
MiCA's consumer protection provisions extend to cybersecurity, with its anti-money laundering, cyberattack liability and travel rule clauses. ISMG contributors Ari Redbord of TRM Labs and Troy Leach of Cloud Security Alliance discuss its impact on cybercrime, compliance challenges and the way ahead.
In the latest weekly update, four ISMG editors discuss the mounting fallout from the March hack of Capita and accompanying data breach, the comprehensive crypto regulation adopted by the EU, and Crosspoint Capital's agreement to purchase Absolute Software for $657 million.
Yigal Unna, former DG, National Cyber Directorate, Israel, emphasized the importance of continued collaboration between defenders and the formation of a Global Cyber Cabinet consisting of more than 20 national CISOs from leading countries working to dismantle cybercrime syndicates.
Former chief security officer Joe Sullivan avoided jail time for his role in impeding a federal investigation into Uber's security practices, but attorney Lisa Sotto of Hunton Andrews Kurth LLP warned security leaders and executives "to take heed" and ensure they are covered for personal liability.
The "shift left" movement puts "unrealistic" expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily "going to solve our problem for security."
Cyber resilience is "even more critical in the post pandemic world," said Amit Basu, CISO of International Seaways. The NIST framework is a useful tool for developing, testing and maintaining cyber resilience, but too often security teams neglect the "detect" and "respond" functions, he added.
Attacks like Kaseya and SolarWinds have highlighted the supply chain risks and demonstrated how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function, said Fred Kneip, chief executive officer at CyberGRX.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.
